Liquid cooling tamper detection

ABSTRACT

In some examples, a computing system can include an exterior enclosure for the computing system, an electrical component within the enclosure, an interior cooling line within the enclosure to circulate coolant past the electrical component to remove heat generated by the electrical component, and an inlet coolant line port through the exterior enclosure to receive an inlet coolant line. The inlet coolant line port can, for example, include a sensor to detect tampering with an interior of the inlet coolant line.

BACKGROUND

Computer security can refer to the protection of computing systems fromtheft, damage, disruption, or other threats. Such security can seek toprotect against threats that come via network access (e.g., downloadableviruses and malware), as well as certain threats available only throughphysical access to the hardware. Data centers are typically designed toprovide robust security, and to prevent unwanted physical access tocomputer equipment. However, some workloads may require additionallevels of security. Moreover, future IT growth in emerging markets maylead to the deployment of computing systems in data centers and otherlocations in which local support cannot be entrusted with access tocritical data and Intellectual Property (“IP”).

BRIEF DESCRIPTION OF DRAWINGS

FIG. 1 is a diagram of a computing system according to an example.

FIG. 2 is a diagram of a computing system according to another example.

FIG. 3 is a diagram of a computing system according to another example.

FIG. 4 is a diagram of a computing system according to another example.

FIG. 5 is a diagram of a portion of a computing system according to anexample.

FIG. 6 is a cross-sectional view of the portion of FIG. 5 along lineA-A′.

FIG. 7 is a diagram of a computing system according to another example.

FIG. 8 is a diagram of a computing system according to another example.

FIG. 9 is a diagram of a computing system according to another example.

DETAILED DESCRIPTION

The following discussion is directed to various examples of thedisclosure. Although one or more of these examples may be preferred, theexamples disclosed herein should not be interpreted, or otherwise used,as limiting the scope of the disclosure, including the claims. Inaddition, the following description has broad application, and thediscussion of any example is meant only to be descriptive of thatexample, and not intended to intimate that the scope of the disclosure,including the claims, is limited to that example. Throughout the presentdisclosure, the terms “a” and “an” are intended to denote at least oneof a particular element. In addition, as used herein, the term“includes” means includes but not limited to, the term “including” meansincluding but not limited to. The term “based on” means based at leastin part on.

Certain implementations of the present disclosure can enable improvedlevels of physical security and data protection for edge computing andremote computing, networking, and/or storage deployments, such as forexample certain infrastructure computing equipment deployed on utilitypoles or cell towers, or other equipment that cannot reasonably beplaced within a secured perimeter. In some implementations, a computingsystem can include a liquid coolant line to circulate liquid to cool anelectronic component of the system. The system can further include acoolant security monitor coupled to the line to detect interiortampering of the line. For example, in some implementations, pressureand/or flow of coolant can be monitored and feedback from the monitoringcan be used to detect tamper attempts. Certain implementations can beused to help prevent unwanted probing or other attacks on the system viathe coolant lines, which can pose significant security risks in certainsituations. Other advantages of implementations presented herein will beapparent upon review of the description and figures.

FIGS. 1-4 depict diagrams of various examples of a computing system 100.The computing systems 100 can, for example, include a liquid coolantline 102 and coolant security monitor 104 coupled to liquid coolant line102 to detect interior tampering of coolant line 102. As described infurther detail below, the various implementations may include additionalcomponents, functionality, etc. It is appreciated that these examplesmay include or refer to certain aspects of other implementationsdescribed herein (and vice-versa), but are not intended to be limitingtowards other implementations described herein. Moreover, it isappreciated that certain aspects of these implementations may be appliedto other implementations described herein. As but one example, althoughFIG. 1 does not expressly depict a storage medium, it is appreciatedthat in some implementations, computing system 100 of FIG. 1 may includea storage medium, such as for example storage medium 106 described withrespect to FIG. 2.

As provided above, computing system 100 includes liquid coolant line102, which can, for example, circulate liquid through computing system100 to cool an electronic component 108 of system 100. Electroniccomponent 108 can, for example, include certain computer equipmentcomponents, such as integrated circuits, CPUs, chipset, graphics cards,and hard disk drives, etc. In some implementations, component 108 can beany heat-generating component, including a component that is especiallysusceptible to temporary malfunction or permanent failure if overheated.In some implementations, electronic component 108 can be a processingresource (e.g., processing resource 120 in some implementations) thatmonitors the coolant line (e.g., security monitor 104). Likewise, insome implementations, electronic component 108 can be a processingresource (e.g., processing resource 120 in some implementations) thatcontrols a liquid cooling pump (e.g., pump 150 of FIG. 7) or otheraspect of computing system 100.

In some implementations, system 100 includes an inlet region 109 wherecoolant line 102 enters an exterior enclosure (e.g., enclosure housing132 of computing system 100). Inlet region 109 can, for example, includeportions of one or more components, such as an inlet region portion ofenclosure housing 132, interior inlet liquid coolant line 113, securitymonitor 104, etc. Inlet region 109 can, in some implementations, referto an area where exterior inlet liquid coolant line 115 passes through atamper detection barrier 134 or an opening within tamper detectionbarrier 134. As provided herein, inlet region 109 can, for example,include an inlet gate 127 or another structure to detect and/or deterinfiltration or tampering of interior inlet liquid coolant line 113 orexterior inlet liquid coolant line 115. It is appreciated that in someimplementations, inlet region 109 can include a sensor (e.g., sensor116) or another suitable mechanism to assist in detecting tampering orfor another purpose.

In some implementations, system 100 includes an outlet region 111 wherecoolant line 102 enters an exterior enclosure housing 132 of computingsystem 100. Outlet region 111 can, for example, include portions of oneor more components, such as an outlet region portion of enclosurehousing 132, interior outlet liquid coolant line 117, security monitor104, etc. Outlet region 111 can, in some implementations, refer to anarea where exterior outlet liquid coolant line 119 passes through atamper detection barrier 134 or an opening within tamper detectionbarrier 134. As provided herein, outlet region 111 can, for example,include an outlet gate 125 or another structure to detect and/or deterinfiltration or tampering of interior outlet liquid coolant line 117 orexterior outlet liquid coolant line 119. It is appreciated that in someimplementations, outlet region 111 can include a sensor (e.g., sensor116) or another suitable mechanism to assist in detecting tampering orfor another purpose.

As provided elsewhere herein, system 100 can include a liquid coolingsystem to cool heat generating components of system 100. Such a liquidcooling system can, for example, include at least one heat exchanger, atleast one cold plate, and at least one expansion valve to managedual-phase flow. The cold plate can, for example, transfer heat fromelectronic devices and components to cooling fluid in the various liquidcoolant lines of coolant line 102 (e.g., lines 113, 115, 117, 119). Theheat exchanger can, for example, transfer heat from cooling fluid in thelines to the air for removal. It is appreciated that the various liquidcoolant lines (e.g., lines 113, 115, 117, 119) can be made of suitabletubing or any other suitable structure that encloses an interior bore orlumen within which a cooling fluid can circulate. In someimplementations one or more of lines 113, 115, 117, 119 are flexibletubes, whereas in other implementations, such lines are rigid orsemi-rigid.

As provided above, computing system 100 includes a coolant securitymonitor 104, which can, for example, be coupled to liquid coolant line102 to detect interior tampering of coolant line 102. In someimplementations, coolant security monitor 104 can monitor changes in aflow and/or pressure of coolant within coolant line 102 to detectinterior tampering of coolant line 102. It is appreciated that otherparameters related to the flow and/or presence of coolant within line102 can be analyzed to detect interior tampering of coolant line 102. Insome implementations, coolant security monitor 104 can detect thepresence of a foreign object inserted within coolant line 102 to detectinterior tampering of coolant line 102. For example, in someimplementations, coolant security monitor 103 can detect the insertionof a probe within coolant line 102 based on readings from sensor (e.g.,sensor 116) and/or based on disturbance of one or both of gates 125 and127 within monitor 104. Coolant security monitor 104 can, for example,be coupled to the liquid coolant line to detect interior tampering ofthe coolant line at both the inlet region and the outlet region.

In some implementations, system 100 includes a tamper detection sensor116, such as for example a temperature and/or flow sensor and/or othercomponents to enable tamper detection within coolant line 102, coupledto liquid coolant line 102 of system 100 to detect tampering of coolantline 102. In some implementations, pressure and flow of coolant withincoolant line 102 are monitored by sensor 116 and feedback is provided tologic of system 100 to assist in detecting tamper attempts.

In some implementations, coolant line 102 includes a gate (e.g., outletgate 125 and inlet gate 127 of FIG. 6) that is sized to prevent passageof foreign objects through the cooling line while allowing coolant toflow through coolant line 102. Such gates can, for example, beelectrically coupled to the coolant security module to notify thecoolant security module of coolant line tampering. Such gates can, forexample, be constructed from suitable sintered metal matrix material,which can, in some implementations, also allow filtration of thecoolant. Tamper detection of the sintered matrix can be performed byembedding a security conductor loop to the matrix before sintering.Breakage or piercing of the matrix will result in continuity failure ofthe conductor. Such a gate (e.g., gate 125, 127) can, for example, be inthe form of a security mesh. In some implementations, coolant line 102can provide tamper detection through the use of metal matrix coolantpassages, which can, for example, include embedded security wire todetect intrusion attempts.

Various example implementations for the present disclosure will now bedescribed. It is appreciated that these examples may include or refer tocertain aspects of other implementations described herein (andvice-versa), but are not intended to be limiting towards otherimplementations described herein. Moreover, it is appreciated thatcertain aspects of these implementations may be applied to otherimplementations described herein.

FIG. 3 depicts an example computing system 100 of the presentdisclosure. System 100 of FIG. 3 includes an exterior enclosure housing132 for system 100 and an electrical component 108 within enclosurehousing 132. Such a system 100 can further include an interior coolingline 102 within enclosure housing 132 to circulate coolant pastelectrical component 108 to remove heat generated by electricalcomponent 108. System 100 of FIG. 3 further includes an inlet coolantline port 114 through exterior enclosure housing 132 to receive inletcoolant line 102. Inlet coolant line port 114 can, for example, includeone or more aspects or equipment within inlet region 109 and can, forexample, include one or more components to allow fluid coupling ofinterior inlet coolant line 113 with exterior inlet cooling line 115.Inlet coolant line port 114 can, in some implementations, implement aquick-release type connectors to enable hot-pluggable connection andremoval from other components. It is appreciated that inlet coolant lineport 114 can be any other suitable type of port to allow fluid coupling.In some implementations, inlet coolant line port 114 can, for example,include a sensor, such as for example coolant security monitor 104, todetect tampering with an interior of the inlet coolant line.

FIG. 4 depicts an example computing system 100 of the presentdisclosure. System 100 of FIG. 4 includes the various aspects of system100 of FIG. 3 and further includes an outlet coolant line port 118through exterior enclosure housing 132 to receive an outlet coolantline. Outlet coolant line port 118 can, for example, include one or moreaspects or equipment within outlet region 111 and can, for example,include one or more components to allow fluid coupling of interioroutlet coolant line 117 with exterior outlet cooling line 119. Outletcoolant line port 118 can, in some implementations, implement aquick-release type connectors to enable hot-pluggable connection andremoval from other components. It is appreciated that outlet coolantline port 118 can be any other suitable type of port to allow fluidcoupling. In some implementations, outlet coolant line port 118 can, forexample, include a tamper detection sensor 116, such as for example asensor within coolant security monitor 104, to detect tampering with aninterior of outlet coolant line 102.

FIGS. 5-6 are views of a portion of system 100 including securitymonitor 104 and elements of coolant line 102. In particular, FIG. 5depicts a perspective view of the portion of system 100 and FIG. 6depicts a cross-sectional view of the portion of FIG. 5 alone line A-A′.As depicted in FIG. 5, security monitor 104 includes a housing 129 thatsecures elements of coolant line 102 such that inlet liquid coolantflows in direction 121 and that outlet liquid coolant flows in direction123. In the example of FIG. 5, housing 129 divides interior inletcoolant line 113 from exterior inlet coolant line 115 and dividesinterior outlet coolant line 117 from exterior outlet coolant line 119.It is appreciated that the interior inlet coolant line 113 and exteriorinlet coolant line 115 can, in some implementations, be distinct piecesjoined together at monitor 104, whereas in other implementations,interior inlet coolant line 113 and exterior inlet coolant line 115 canbe a single piece of coolant line that passes through monitor 104.Likewise, it is appreciated that the interior outlet coolant line 117and exterior outlet coolant line 119 can, in some implementations, bedistinct pieces joined together at monitor 104, whereas in otherimplementations, interior outlet coolant line 117 and exterior outletcoolant line 119 can be a single piece of coolant line that passesthrough monitor 104.

As depicted in FIG. 6, housing 129 can include openings sized to receiveoutlet gate 125 and inlet gate 127, which are described in furtherdetail elsewhere herein. Housing 129 can, for example, include openings,grooves, and/or other structures to secure a communication link 140 foroutlet gate 125 and/or inlet gate 127. Link 140 of FIG. 6 can, forexample, communicate tamper detection signals from outlet gate 125,inlet gate 127, and logic of system 100. It is appreciated that in someimplementations, monitor 104 may include separate communication links140 for outlet gate 125 and inlet gate 127.

FIG. 7 depicts a diagram of an example liquid cooling security system100. System 100 of FIG. 7 includes an exterior enclosure housing 132with a tamper detection security monitor 104 which can, for example,detect intrusion or tampering with in interior of coolant line 102.System 100 of FIG. 7 further includes an interior enclosure housing 142to house one or more heat generating electronic components (e.g.,component 108) of system 100. Cool liquid coolant within line 113 thathas successfully passed through monitor 104 can pass through interiorenclosure housing 142 via cool coolant port 146 and exhaust warm liquidcoolant that has been used to cool electronic components of system 100via system warm coolant port 144.

As depicted in FIG. 7, system 100 can include a power and pump enclosure148 that can, for example, house one or more power backup cells 130 andliquid cooling pump 150. Pump 150 used with system 100 can, for example,include any suitable pump for a liquid cooling system. Pump 150 can, forexample, be in the form of a positive displacement mechanical pump. Pump150 can include an inlet port 152 and an output port 154 which can, forexample, connect to quick-release type connectors to enablehot-pluggable connection and removal of pump 150. Pump 150 can, forexample, be driven by stepper motor coils that rotate aninternally-threaded rotor that moves a pump screw. A plunger can beconnected to the pump screw to discharge liquid inside pump 150 throughoutput port 154. A sensor inside pump 150 can, for example, detectmotion of the plunger and generate a pulse electrical signal that can beused for control and monitoring operations. Pump discharge and suctionvolumes can, for example, be controlled by monitoring pulse number andselectively driving the motor coils. It is appreciated that alternativepump technologies may otherwise be used for an electronic liquid coolingsystem, for example using piezo-electric crystals and/orelectro-osmosis.

Backup energy source 130 can, for example, be used to run a clockcircuit and retain configuration memory while system 100 is turned off.Backup energy source 130 can, for example, be in the form of a CMOSstorage backup energy source or BIOS backup energy source. It isappreciated that backup energy source 130 can In some implementations,backup energy source 130 can be integrated as part of an uninterruptiblepower supply (UPS), to provide power to system 100 for a variable periodafter a power failure (e.g., a period to allow system 100 to be shutdown gracefully. Backup energy source 130 can, for example, be in theform of a battery, such as a large valve regulated lead-acid batteries,wet cell lead-acid, nickel cadmium, lithium ion, or any other suitablebattery type. Backup energy source 130 can, for example, be used toensure active monitoring while in shipping and in power loss events. Insome implementations, system 100 can indicate tampering upon disablingor disruption in service of backup energy source 130.

FIGS. 8-9 depict an example liquid cooling security system 100. System100 of FIGS. 8-9 includes a tamper detection sensor 116, such as forexample a temperature or flow sensor within coolant security monitor104, coupled to liquid coolant line 102 of computing system 100 todetect tampering of a liquid coolant line 102. System 100 also includesa non-transitory machine readable storage medium 106 having storedthereon machine readable instructions to cause a computer processor(processing resource 120 of FIG. 9) to: (1) receive data from tamperdetection sensor 116 (instructions 122); (2) determine whether thereceived data indicates tampering of the liquid coolant line(instructions 124); and (3) perform an action to mitigate tampering whenit is determined that the received data indicates tampering of theliquid coolant line (instructions 126).

In some implementations, computing system 100 can include non-transitorymachine readable storage medium 106 having stored thereon machinereadable instructions (e.g., instructions 122, 124, 126 etc.), which aredescribed in further detail below. Storage medium 106 can, for example,be in the form of a non-transitory machine-readable storage medium, suchas a suitable electronic, magnetic, optical, or other physical storageapparatus to contain or store information such as machine-readableinstructions, etc. It is appreciated that other memory resources beyondnon-transitory machine-readable storage mediums can be used with certainimplementations of the present disclosure. Such instructions can beoperative to perform one or more functions described herein. Storagemedium 106 can, for example, be housed within the same housing asprocessing resource 120 for computing system 100, such as within acomputing tower case, server rack, or standalone enclosure for computingsystem 100. In some implementations, storage medium 106 and processingresource 120 are housed in different housings. As used herein, the term“machine-readable storage medium” can, for example, include RandomAccess Memory (RAM), flash memory, a storage drive (e.g., a hard disk),any type of storage disc (e.g., a Compact Disc Read Only Memory(CD-ROM), any other type of compact disc, a DVD, etc.), and the like, ora combination thereof. In some implementations, storage medium 106 cancorrespond to a memory including a main memory, such as a Random AccessMemory (RAM), where software may reside during runtime, and a secondarymemory. The secondary memory can, for example, include a nonvolatilememory where a copy of machine-readable instructions are stored. It isappreciated that both machine-readable instructions as well as relateddata can be stored on memory mediums and that multiple mediums can betreated as a single medium for purposes of description.

In some implementations, system 100 can include a processing resource120 to execute one or more instructions stored on medium 106. Processingresource 120 can, for example, be in the form of a central processingunit (CPU), a semiconductor-based microprocessor, a digital signalprocessor (DSP) such as a digital image processing unit, other hardwaredevices or processing elements suitable to retrieve and executeinstructions stored in a memory resource or storage medium (e.g., medium106), or suitable combinations thereof. Processing resource 120 can, forexample, include single or multiple cores on a chip, multiple coresacross multiple chips, multiple cores across multiple devices, orsuitable combinations thereof. Processing resource 120 can be functionalto fetch, decode, and execute instructions as described herein. As analternative or in addition to retrieving and executing instructions,processing resource 120 can, for example, include at least oneintegrated circuit (IC), other control logic, other electronic circuits,or suitable combination thereof that include a number of electroniccomponents for performing the functionality of instructions stored onstorage medium 106. The term “logic” can, in some implementations, be analternative or additional processing resource to perform a particularaction and/or function, etc., described herein, which includes hardware,e.g., various forms of transistor logic, application specific integratedcircuits (ASICs), etc., as opposed to machine executable instructions,e.g., software firmware, etc., stored in memory and executable by aprocessor. Processing resource 120 can, for example, be implementedacross multiple processing units and instructions may be implemented bydifferent processing units in different areas of system 100.

As provided above, system 100 includes instructions 122 to cause acomputer processor of computing system 100 to receive data from tamperdetection sensor 116. Such data can, for example, be in the form of datathat itself indicates tampering or any other related, relevant, orsuitable tamper detection data. For example, in some implementations,the received tamper detection data may not be sufficient to itselfindicate tampering by itself, but may be combined with other dataaccessible by system 100 or another entity to indicate tampering ofsystem 100.

As provided above, system 100 includes instructions 124 to cause acomputer processor of computing system 100 to determine whether thereceived data indicates tampering of liquid coolant line 102.Instructions 124 can be programmed to indicate tampering when thereceived data indicates that a flow or pressure of liquid coolant withinline 102 satisfies certain criteria. In some implementations,instructions 124 may not indicate tampering until it is determined thata flow or pressure of liquid coolant within line 102 satisfies certaincriteria for a specific amount of time or other time-based criteria. Forexample, instructions 124 may instruct a processing resource to waituntil criteria for at least one hour before indicating tampering.

In some implementations, instructions 124 can be programmed to indicatetampering based on a combination of received data that indicatestampering and other information. As but one example, instructions 124can be programmed to indicate tampering when received data indicatestampering only during a specific day of the week. As another example,instructions 124 can be programmed to indicate tampering only when thereceived data indicates tampering and system 100 detects an attempt atphysical intrusion of an enclosure of system 100. As another example,system 100 can include sensors 116, which can, for example be atemperature, flow, pressure etc. sensor) to monitor temperature at oneor more inlets and outlets of system 100 to detect and/or take actionagainst a temperature attack on the hardware. In some implementations,system 100 can be programmed such that the detection of abnormaltemperatures along with detection of coolant line-based tampering can besufficient (by itself or with other factors) for instructions 124 ofsystem 100 to indicate tampering.

In some implementations, instructions 124 can be programmed to indicatetampering when no data is received from tamper detection sensor 116. Insuch an implementation, the received data, can, for example, be in theform of a NULL data set (or other suitable data structure) to indicatethat data was not received or is not available. It is appreciate thatother such formats may be supplied and that the term “received data” mayrefer to a failure to receive expected data. In some implementations,such data can refer to data indicating the disabling or other disruptionof tamper detection functionality. For example, instructions 124 can beprogrammed to indicate tampering upon detection of an attempt to removeor damage security monitor 104.

In some implementations, system 100 can indicate tampering uponprolonged operation of backup energy source 130. For example, system 100can be programmed to indicate tampering when backup energy source 130 isused for more than one hour. This mode can, for example, be enabledafter system 100 is successfully installed and such a prolonged poweroutage is unlikely. As another example, system 100 can be programmed toindicate tampering when backup energy source 130 is used for more thanthree weeks. This mode can, for example, be enabled when system 100 isshipped and before it is successfully installed. It is appreciated thatthe specific lengths of time provided herein are merely used as examplesand such time-based criteria may be defined according to customerpreference or other factors.

Instructions 126 stored on storage medium 106 can, for example, cause acomputer processor of computing system 100 to perform an action tomitigate tampering when it is determined that the received dataindicates tampering of computing system 100. In some implementations,such an action can be in the form of an alert that tampering has beendetected. Such an alert can be in any suitable form, such as anelectronic message sent by computing system 100, an audio, visual, oranother type of alert, notification, etc. It is appreciated that in someimplementations, such an action can be triggered when no data isreceived or in response to some other error condition.

In some implementations, the action of instructions 126 can be in theform of disabling predetermined functionality of computing system 100.For example, wireless transmission of data for computing system 100 maybe disabled in response to a determination of tampering. In someimplementations, power input from a power backup cell (e.g., powerbackup energy source 130 of FIG. 7 and other power sources may bedisabled in response to a determination of tampering. Disabling suchpower sources can, for example, mitigate a threat of tampering bypreventing computing system 100 from turning on altogether. In someimplementations, the action of instructions 126 can be programmed torender computing system 100 permanently unusable (e.g., “bricking” thesystem) or otherwise locking the system down. For example, in someimplementations, the action of instructions 126 can lock down system 100until an unauthorized user or other entity unlocks the system. In someimplementations, system 100 can be unlocked through the use of a customhardware and/or software tool.

In some implementations, the action of instructions 126 can be in theform of deleting certain data stored on computing system 100. Forexample, in some implementations, a class of sensitive data stored oncomputing system 100 can be deleted in response to a determination oftampering. In some implementations, all data stored on one or morestorage mediums within computing system 100 can be deleted. Likewise, incertain situations, all data stored on computing system 100 can bedeleted. It is appreciated that in some implementations, data canadditionally or alternatively be encrypted, locked down, backed up,etc., in response to a determination of tampering.

In some implementations, instructions 126 can cause a computer processorto perform multiple actions to mitigate tampering. Such multiple actionscan be performed sequentially, in parallel, or another suitable timingor order. For example, in some implementations, a first action can be inthe form of a notification to a local and/or remote IT administrator orother suitable entity and a second action, performed in parallel withthe first action, can be in the form of deleting sensitive data fromcomputing system 100. It is appreciated that any number of actions canbe performed to mitigate tampering.

In some implementations, system 100 can be configured with acryptographic key. If security is compromised in transit, the key can be“zeroed” by security measures within system 100. When the equipment isinstalled at its usage location, the key is used to generate anencrypted one-time key during a startup process, which can, for example,be transmitted back to the customer for validation. This can, in somesituations, be used to ensure that tamper detection has not beentriggered and the unit has maintained security throughout delivery andsetup.

In some implementations, computing system 100 can include an enclosurehousing 132. Such an enclosure housing 132 can, in some implementations,merely enclose one or more components of computing system 100 andprevent against electrical shock, water, dust, or other environmentalthreats. In some implementations, enclosure housing 132 can include oneor more features to prevent or mitigate tampering with components ofcomputing system 100. For example, certain implementations of thepresent disclosure can provide for tamper resistant airflow and cableegress. In some implementations, the enclosure may only expose certainconnections, such as panel mount power and networking connections.

Certain implementations of the present disclosure are directed to ahardened standalone enclosure, which can be capable of supporting 12U ofcomputational resources or another suitable configuration. In someimplementations, the enclosure can be a 10U compute general purpose rackserver. The enclosure can, for example, be constructed of steel or othersuitable material or combination of materials. In some implementations,enclosure housing 132 can include a lock to prevent the opening ofhousing 132 without a key. It is appreciated that housing 132 caninclude additional or alternative security features.

For example, in some implementations, housing 132 may include anintrusion tamper detection barrier (e.g., barrier 134 of FIG. 9).Barrier 134 can, for example, be disposed within housing 132 to detectintrusion of a foreign object in the enclosure housing. Intrusiondetection can rely on a conductive layer of Mylar or another suitablefoil, a flex circuit, Indium Tin Oxide, conductive ink, etc. In someimplementations, the use of such a barrier can provide for activemonitoring. Such active monitoring can additionally or alternatively beprovided through the use of mechanisms such as a flexible circuit,conductive ink on polyester, etc.

In some implementations, computing system 100 can include an enclosurehousing 132. Such an enclosure housing 132 can, in some implementations,merely enclose one or more components of computing system 100 andprevent against electrical shock, water, dust, or other environmentalthreats. In some implementations, enclosure housing 132 can include oneor more features to prevent or mitigate tampering with components ofcomputing system 100. For example, certain implementations of thepresent disclosure can provide for tamper resistant airflow and cableegress. In some implementations, the enclosure may only expose certainconnections, such as panel mount power and networking connections.

In some implementations, barrier 134 can be in the form of anelectrically conductive mesh that can provide an electrical signal to acomponent (e.g., processing resource 120 of FIG. 9) of system 100 whenthe mesh is damaged, disturbed, or another criteria is met. As depictedfor example in FIG. 9, a mesh or other tamper detection barrier 134 canline an entire interior of housing 132 (e.g., along a panel of housing132), as well as along ports, vents, and other points of entries.

It is appreciated that one or more components, modules of components, orportions of components can be disposed inside of the intrusion tamperdetection barrier 134. For example, in some implementations, one or morecomponents of tamper detection sensor 116 can be at least partiallyexterior to an intrusion tamper detection barrier, as shown for examplein FIG. 9.

System 100 of FIG. 9 can include a Top of Rack (TOR), interconnectmodule, or other network communication module 136 in communication withone or more network connections of system 100. In some implementations,module 136 can allow for networked communication with other equipment.Module 136 can, for example, include a network interface controllerhaving a port 138, such as an Ethernet port and/or a Fibre Channel port.In some implementations, module 136 can include wired or wirelesscommunication interface, and in some implementations, can provide forvirtual network ports. In some implementations, module 136 includeshardware in the form of a hard drive, related firmware, and othersoftware for allowing the hard drive to operatively communicate withother network equipment. Module 136 can, for example, includemachine-readable instructions for use with communication thecommunication module, such as firmware for implementing physical orvirtual network ports.

As used herein, the term “module” refers to a combination of hardware(e.g., a processor such as an integrated circuit or other circuitry) andsoftware (e.g., machine- or processor-executable instructions, commands,or code such as firmware, programming, or object code). A combination ofhardware and software can include hardware only (i.e., a hardwareelement with no software elements), software hosted at hardware (e.g.,software that is stored at a memory and executed or interpreted at aprocessor), or hardware and software hosted at hardware. It is furtherappreciated that the term “module” is additionally intended to refer toone or more modules or a combination of modules. Each module of system100 can, for example, include one or more machine-readable storagemediums and one or more computer processors.

Storage medium 106 can be in communication with monitor 104 or anothercomponent of system 100 via a communication link 140. Each communicationlink 140 can be local or remote to a machine (e.g., a computing device)associated with processing resource 120. Examples of a localcommunication link 140 can include an electronic bus internal to amachine (e.g., a computing device) where storage medium 106 is one ofvolatile, non-volatile, fixed, and/or removable storage medium incommunication with processing resource 120 via the electronic bus.

While certain implementations have been shown and described above,various changes in form and details may be made. For example, somefeatures that have been described in relation to one implementationand/or process can be related to other implementations. In other words,processes, features, components, and/or properties described in relationto one implementation can be useful in other implementations.Furthermore, it should be appreciated that the systems and methodsdescribed herein can include various combinations and/orsub-combinations of the components and/or features of the differentimplementations described. Thus, features described with reference toone or more implementations can be combined with other implementationsdescribed herein. As used herein, “a” or “a number of” something canrefer to one or more such things. For example, “a number of widgets” canrefer to one or more widgets.

What is claimed is:
 1. A computing system comprising: a liquid coolantline to circulate liquid through the computing system to cool anelectronic component of the computing system; a coolant security monitorcoupled to the liquid coolant line to detect interior tampering of thecoolant line.
 2. The system of claim 1, wherein the coolant securitymonitor is to monitor changes in a flow of coolant within the coolantline to detect interior tampering of the coolant line.
 3. The system ofclaim 1, wherein the coolant security monitor is to monitor changes in apressure of coolant within the coolant line to detect interior tamperingof the coolant line.
 4. The system of claim 1, wherein the coolantsecurity monitor is to detect the presence of a foreign object insertedwithin the coolant line to detect interior tampering of the coolantline.
 5. The system of claim 1, wherein the coolant line includes a gatethat is sized to prevent passage of foreign objects through the coolingline while allowing coolant to flow through the coolant line.
 6. Thesystem of claim 5, wherein the gate is in the form of a security mesh.7. The system of claim 5, wherein the gate is electrically coupled tothe coolant security module to notify the coolant security module ofcoolant line tampering.
 8. The system of claim 1, wherein the coolantline includes: an inlet region where the coolant line enters an exteriorenclosure of the computing system, and an outlet region where thecoolant line exits an exterior enclosure of the computing system.
 9. Thesystem of claim 8, wherein the coolant security monitor is coupled tothe liquid coolant line to detect interior tampering of the coolant lineat both the inlet region and the outlet region.
 10. A liquid coolingsecurity system comprising: a tamper detection sensor coupled to aliquid coolant line of a computing system to detect tampering of aliquid coolant line; and a non-transitory machine readable storagemedium having stored thereon machine readable instructions to cause acomputer processor to: receive data from the tamper detection sensor;determine whether the received data indicates tampering of the liquidcoolant line; and perform an action to mitigate tampering when it isdetermined that the received data indicates tampering of the liquidcoolant line.
 11. The system of claim 10, wherein the received datacorresponds to a flow of liquid coolant through the liquid coolant line.12. The system of claim 10, wherein the action includes sending an alertthat tampering of the coolant line has been detected.
 13. The system ofclaim 10, wherein the action includes disabling predeterminedfunctionality of the computing system.
 14. A computing systemcomprising: an exterior enclosure for the computing system; anelectrical component within the enclosure; an interior cooling linewithin the enclosure to circulate coolant past the electrical componentto remove heat generated by the electrical component; and an inletcoolant line port through the exterior enclosure to receive an inletcoolant line; wherein the inlet coolant line port includes a sensor todetect tampering with an interior of the inlet coolant line.
 15. Thecomputing system of claim 14, further comprising: an outlet coolant lineport through the exterior enclosure to receive an outlet coolant line,wherein the outlet coolant line port includes a sensor to detecttampering with an interior of the outlet coolant line.